Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

Hogan Lovells Article Anticipates Busy FTC Enforcement Season

Writing for Expert Guide: Competition and Antitrust Law, Hogan Lovells attorneys Dean Hansell and Charles Dickinson discuss the FTC’s current consumer protection initiatives and identify emerging areas of focus of the agency’s regulatory initiatives.  Hansell and Dickinson also expect that the FTC may be “more willing to push enforcement initiatives” with its current roster of Commissioners and offer that “companies of all sizes would be well-served to understand how their businesses might fall under the FTC’s radar.”

To read “Current FTC Enforcement Initiative in the Consumer Protection Arena,” click here.

Posted in Cybersecurity & Data Breaches

NIST Seeks Information on Cybersecurity Framework Experience

Six months after release of the Framework for Improving Critical Infrastructure Cybersecurity (Framework), on August 21 the National Institute of Standards and Technology (NIST) put forward a draft Request For Information (RFI) to learn more about experiences with and effectiveness of the Framework. Through the RFI process, NIST seeks to better understand how organizations in all critical infrastructure sectors are approaching and making specific use of the Framework. Responses to the RFI are expected to shape the agenda for NIST’s 6th Cybersecurity Framework Workshop, its first following the Framework’s release. Continue Reading

Posted in Cybersecurity & Data Breaches

NIST Launches into the Internet of Things

This week, the National Institute of Standards and Technology (NIST) convened the first face-to-face meeting of the cyber-physical systems public working group (CPS PWG) to develop and implement a new cybersecurity framework dedicated to cyber-physical systems (CPS), also known as the “Internet of Things.” Companies developing products and services involving CPS may consider participating in the CPS PWG, as participation in webinars and meetings is open and intended to be convenient. The group’s efforts may affect the legal landscape developing around CPS. Continue Reading

Posted in International/EU Privacy, Privacy & Security Litigation

Unsurprisingly, U.S. Court Rules that Cloud Provider Must Produce Data Stored Abroad

On July 31, a U.S. District Court judge ruled from the bench that Microsoft could be forced to turn over customer emails in the context of a law enforcement investigation even though those emails were stored on servers located in Ireland.  Microsoft had contested the government’s request, arguing that the data was subject to Irish law and that the U.S. government was required to utilize law enforcement treaty channels to obtain the data.  Microsoft has appealed the ruling, which now will be heard by the Second Circuit court of appeals.

Since the ruling, I have had a number of conversations, mostly with lawyers located outside of the U.S., expressing surprise that the ruling gave such seemingly expansive jurisdiction to the U.S. government. But it shouldn’t come as a surprise to those who follow these issues, including readers of Hogan Lovells’ white papers on government access, that U.S. law enforcement can compel companies subject to its jurisdiction to produce data stored abroad, and that many other countries’ governments provide the exact same authority.

Continue Reading

Posted in International/EU Privacy

Is Appointing an EU Controller Still Valuable for Global Businesses?

The dust has yet to settle but much has already been said about the implications of the Google Spain decision by the Court of Justice of the European Union (CJEU) and the right to be forgotten. The controversy has focused on the impact of this judgment on freedom of expression and the right of access to information, as well as the potentially devastating effect of a large amount of deletion requests. EU regulators are wondering – like everybody else – how big and unmanageable this is going to get, whilst search engines scramble for resources to deal with the unknown. With the prospect of an even more demanding EU privacy framework looming over the horizon, the right to be forgotten decision is a potential game changer for the whole Internet industry. But the CJEU did not just enable an unprecedented level of control by individuals over their data, it shook the basis on which the applicability of EU data protection law has been understood until now. Continue Reading

Posted in Consumer Privacy

Destroy Securely: Delaware Adopts New Data Destruction Law

Delaware recently adopted a new law that will add requirements related to the destruction of records containing “personal identifying information.”  With that law, Delaware joined a number of other states that place restrictions on the ways in which entities destroy or dispose of personal information. The Delaware law will become effective January 1, 2015. Continue Reading

Posted in Consumer Privacy

Hogan Lovells Partner Engages in NY Times on Big Data and Inequality

Writing for the New York Times “Room for Debate,” Christopher Wolf, Hogan Lovells partner and co-director of the firm’s global Privacy and Information Management group, focuses on the potential positive uses for Big Data, observing that “Big Data can also advance the interests of minorities and actually fight discrimination.”  Wolf cites examples such as Entelo Diversity, an employee recruiting platform that promises to diversify workplaces by using powerful algorithms to analyze public data and find qualified candidates who are also members of underrepresented classes.

In Is Big Data Spreading Inequality?, Wolf’s Times column is joined by contributions from academia, civil society, and businesses who each offer reflection on the future of Big Data’s impact on inequality.

Posted in Health Privacy/HIPAA

California Appeals Court Rules that Mere Possession of Medical Information by Unauthorized Person is Insufficient to Support Breach Claims Under the CMIA

In a ruling that was welcome news to health care providers, insurers, and others that maintain medical information of California residents, the California Court of Appeals recently held that the mere possession of medical information by an unauthorized person, without actual viewing of the information, is not sufficient to establish a breach of confidentiality under the California Confidentiality of Medical Information Act (CMIA), Cal. Civ. Code §§ 56 et seq.  Continue Reading

Posted in Consumer Privacy

The Hidden Mini-Dissents in the Data Broker Report of Federal Trade Commissioner Wright

On May 27, the Federal Trade Commission (FTC) issued a report on the data broker industry that found data brokers operate with a “fundamental lack of transparency.” The commission unanimously recommended that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them that are collected and shared by data brokers. Not well-recognized at the time were a number of concerns, mini-dissents if you will, expressed by Federal Trade Commissioner Josh Wright. I recently asked Commissioner Wright some questions about his “dissent by footnotes.” Continue Reading

Posted in International/EU Privacy

EU Data Protection Supervisor’s Workshop Examines Role of Privacy in Merger Reviews and Competition Investigations

In a recent client alert, Hogan Lovells partners from the firm’s London and Washington, D.C. offices highlighted key takeaways for businesses following the European Data Protection Supervisor’s (EDPS) Workshop on Privacy, Consumers, Competition and Big Data.

The workshop, hosted by EDPS in the European Parliament in Brussels on 2 June 2014, discussed the technological advances and market for ‘big data’ analytics and the policy implications for the fields of data protection, competition and consumer protection of the rapidly expanding digital economy in the EU and in other regions, particularly the in US. Around 70 experts attended, including representatives from the European regulators and the US Federal Trade Commission. Continue Reading